From: Kai Moritz <kai@juplo.de>
Date: Sun, 25 May 2025 15:54:37 +0000 (+0200)
Subject: WIP:sasl-client--broker-angepasst--separate-accounts
X-Git-Url: http://juplo.de/gitweb/?a=commitdiff_plain;h=ccff0ed7f02fbb514ad265bb2e03bac2a036ac45;p=demos%2Fkafka%2Ftraining

WIP:sasl-client--broker-angepasst--separate-accounts
---

diff --git a/STEP-ONE.sh b/STEP-ONE.sh
index a78cc8e..2e87a43 100755
--- a/STEP-ONE.sh
+++ b/STEP-ONE.sh
@@ -20,22 +20,36 @@ docker compose exec zookeeper zookeeper-shell zookeeper:2181 get /cluster/id
 echo "Starting Kafka in Zookeeper-Mode..."
 docker compose up setup
 
-echo "Setting up ACLs for the consumer and the producer..."
-# client
+echo "Setting up ACLs for the producer..."
 docker compose exec cli kafka-acls \
   --command-config /mnt/admin.properties \
   --bootstrap-server kafka:9092 \
   --add \
-  --allow-principal User:client \
+  --allow-principal User:producer \
   --topic test \
-  --consumer --group=my-group \
   --producer
 
 docker compose exec cli kafka-acls \
   --command-config /mnt/admin.properties \
   --bootstrap-server kafka:9092 \
   --list \
-  --user-principal User:client \
+  --user-principal User:producer \
+  --topic test
+
+echo "Setting up ACLs for the consumer..."
+docker compose exec cli kafka-acls \
+  --command-config /mnt/admin.properties \
+  --bootstrap-server kafka:9092 \
+  --add \
+  --allow-principal User:consumer \
+  --topic test \
+  --consumer --group=my-group \
+
+docker compose exec cli kafka-acls \
+  --command-config /mnt/admin.properties \
+  --bootstrap-server kafka:9092 \
+  --list \
+  --user-principal User:consumer \
   --group=my-group \
   --topic test
 
diff --git a/admin.properties b/admin.properties
index b040250..d7168db 100644
--- a/admin.properties
+++ b/admin.properties
@@ -2,4 +2,4 @@ sasl.mechanism=PLAIN
 security.protocol=SASL_PLAINTEXT
 sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
   username="broker" \
-  password="geheim";
+  password="brokerpw";
diff --git a/docker-compose.yml b/docker-compose.yml
index df9f07f..c762053 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,24 +31,27 @@ services:
       KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
       KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
       KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
@@ -85,24 +88,27 @@ services:
       KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
       KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
       KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
@@ -144,24 +150,27 @@ services:
       KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
       KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
       KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
@@ -263,7 +272,7 @@ services:
       spring.kafka.jaas.enabled: "true"
       spring.kafka.properties.security.protocol: SASL_PLAINTEXT
       spring.kafka.properties.sasl.mechanism: PLAIN
-      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="producer" password="producerpw";
       juplo.producer.topic: test
 
   consumer:
@@ -274,7 +283,7 @@ services:
       spring.kafka.jaas.enabled: "true"
       spring.kafka.properties.security.protocol: SASL_PLAINTEXT
       spring.kafka.properties.sasl.mechanism: PLAIN
-      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer" password="consumerpw";
       spring.kafka.consumer.auto-offset-reset: earliest
       logging.level.org.apache.kafka.clients.consumer: INFO
       juplo.consumer.topic: test
@@ -287,7 +296,7 @@ services:
       spring.kafka.jaas.enabled: "true"
       spring.kafka.properties.security.protocol: SASL_PLAINTEXT
       spring.kafka.properties.sasl.mechanism: PLAIN
-      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer" password="consumerpw";
       spring.kafka.consumer.auto-offset-reset: earliest
       logging.level.org.apache.kafka.clients.consumer: INFO
       juplo.consumer.topic: test
@@ -300,7 +309,7 @@ services:
       spring.kafka.jaas.enabled: "true"
       spring.kafka.properties.security.protocol: SASL_PLAINTEXT
       spring.kafka.properties.sasl.mechanism: PLAIN
-      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer" password="consumerpw";
       spring.kafka.consumer.auto-offset-reset: earliest
       logging.level.org.apache.kafka.clients.consumer: INFO
       juplo.consumer.topic: test